-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Low
-
Component/s: Integration - Sourcetree
-
None
-
1
-
Severity 3 - Minor
-
12
Issue Summary
According to the following blogpost, App passwords will be deprecated in favor of API tokens:
https://www.atlassian.com/blog/bitbucket/bitbucket-cloud-transitions-to-api-tokens-enhancing-security-with-app-password-deprecation
When authenticating through the API using API tokens, users will need to use e-mail address + API token; When authenticating for local Git operations, users will need to use username + API token.
SourceTree currently utilizes the Bitbucket Cloud API and Git over HTTPS operations, using the same credentials supplied by the user. However, Sourcetree only allows you to supply username + password.
This means that users can't authenticate in Sourcetree using basic authentication, since API tokens now require email for API requests.
Steps to Reproduce
- Open Sourcetree
- Click on "..." > Accounts
- On "Host" select Bitbucket
- On Auth Type select "Basic"
- On Username, provide your Bitbucket username
- On password, provide your API token
- On Protocol, pick HTTPS
- Click on "Save"
Expected Results
Sourcetree should be able to authenticate to Bitbucket with the given credentials (Username + API token)
Actual Results
Sourcetree returns the following error message when attempting to use API tokens with username, as it needs the e-mail address to perform API requests:
We couldn't connect to Bitbucket with your (<Username>) credentials. Check your username and try the password again.
Workaround
Using OAuth for authentication is a good alternative, as it will work normally even after the App password deprecation date.